I just learned something useful - so this day is not completely wasted ;)
On Windows XP SP2 and Windows Server 2003 SP1, netstat got a new -b argument.
So what does it do? It lists the executable that owns each connection. No more need to cross-reference the PID from netstat -o with Task Manager or the like :D
Example output:
TCP MyPC:4137 baym-cs344.msgr.hotmail.com:1863 ESTABLISHED 1532
[msnmsgr.exe]
-v gives even more information (the components involved in creating the connection, as seen below) and is quite slow:
TCP MyPC:4137 baym-cs344.msgr.hotmail.com:1863 ESTABLISHED 1532
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\WS2_32.dll
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\USER32.dll
[msnmsgr.exe]
Try it for yourself...
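What a defender usually does with this output is turn it into records that can be checked in bulk. The following is an added example (not part of the original post): a small parser for netstat -b/-v output that groups each connection line with its bracketed owner and, in -v mode, its component list, then flags connections whose owning executable is not on an expected list. The sample output is constructed, modelled on the post's example; the hostnames, PIDs and the executable names other than msnmsgr.exe are made up, and the "Can not obtain ownership information" line is the message netstat prints when it cannot resolve the owner.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample of "netstat -b -v" output, modelled on the post's
# example. PIDs, the second/third connections and example.invalid are made up.
SAMPLE_OUTPUT = r"""
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    MyPC:4137              baym-cs344.msgr.hotmail.com:1863  ESTABLISHED     1532
  C:\WINDOWS\System32\mswsock.dll
  C:\WINDOWS\system32\WS2_32.dll
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\WINDOWS\system32\USER32.dll
 [msnmsgr.exe]
  TCP    MyPC:1045              example.invalid:443    ESTABLISHED     2210
 [unknown.exe]
  UDP    0.0.0.0:500            *:*                                    1108
 [lsass.exe]
"""

# A connection line: proto, local, foreign, optional state (UDP has none), PID.
CONN_RE = re.compile(r"^(TCPv6|UDPv6|TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)$")
# The bracketed executable name that closes each -b record.
EXE_RE = re.compile(r"^\[(.+)\]$")
OWNER_UNKNOWN = "Can not obtain ownership information"


@dataclass
class Connection:
    proto: str
    local: str
    remote: str
    state: Optional[str]
    pid: int
    executable: Optional[str] = None                    # None if netstat could not resolve it
    modules: List[str] = field(default_factory=list)    # -v component list


def parse_netstat(text: str) -> List[Connection]:
    """Group netstat -b/-v lines into one Connection per socket."""
    records: List[Connection] = []
    current: Optional[Connection] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            current = Connection(proto, local, remote, state, int(pid))
            records.append(current)
            continue
        if current is None:
            continue                      # banner / column header lines
        m = EXE_RE.match(line)
        if m:
            current.executable = m.group(1)
            current = None                # the executable name ends the record
        elif line.startswith(OWNER_UNKNOWN):
            current = None                # record ends with no known owner
        else:
            current.modules.append(line)  # -v component path


    return records


def unexpected_owners(records, allowed):
    """Connections whose owning executable is not in the allow list
    (including those where netstat could not name an owner at all)."""
    return [(c.executable, c.pid, c.remote)
            for c in records if c.executable not in allowed]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_OUTPUT)
    for c in conns:
        print(f"{c.proto} {c.local} -> {c.remote} pid={c.pid} "
              f"exe={c.executable} modules={len(c.modules)}")
    print("review:", unexpected_owners(conns, {"msnmsgr.exe", "lsass.exe"}))
```

Feed it the saved output of `netstat -b -v -n` from a machine under review; a record with an unknown owner, or an owner outside the expected set, is the one worth opening in Task Manager.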
Wednesday, September 28, 2005
Sunday, September 25, 2005
Granting access to eventlogs on Windows Server 2003
When Windows Server 2003 came out, a more flexible method for granting access to eventlogs became available: a REG_SZ value called CustomSD below HKLM\System\CCS\Services\Eventlog\NameOfLog (CCS = CurrentControlSet) holds an SDDL string describing the permitted access. This can be automated using the suggested Group Policy changes, or you can use a script like the one below. The script looks up the local admin group for the server's AD site and grants it, together with a global Security Reviewer role, read access to the eventlogs on the server at hand. It could be used as a startup script on the servers you want to delegate access to.
The WSF script -
<job>
<script language="vbscript">
Option Explicit
main

sub main
    dim strLocalAdminSid
    dim strSecurityReviewerSid
    strLocalAdminSid = GetSidForGroup("Local Admin for " & GetSite)
    strSecurityReviewerSid = GetSidForGroup("Security Reviewer Role")
    UpdateEventlogAccess strLocalAdminSid
    UpdateEventlogAccess strSecurityReviewerSid
end sub

sub UpdateEventlogAccess(strSID)
    ' Give the group identified by strSID read access (0x01) to every eventlog
    const ROOTKEY = "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog"
    const NOSUCHKEY = &h80070002
    dim objShell
    dim strSDDLKey
    dim strSDDL
    dim strReadAccessSDDL
    dim objEventlog
    dim lngError

    ' GetSidForGroup returns "" when the group does not exist - never write
    ' an ACE with an empty SID, as that would corrupt the CustomSD value
    if len(strSID) = 0 then
        wscript.echo "No SID given - skipping"
        exit sub
    end if

    set objShell = CreateObject("wscript.shell")
    for each objEventlog in GetObject("winmgmts:").InstancesOf("Win32_NTEventlogFile")
        wscript.echo objEventlog.LogfileName
        strSDDLKey = ROOTKEY & "\" & objEventlog.LogfileName & "\CustomSD"
        ' RegRead raises an error when the value is missing, so trap it
        on error resume next
        strSDDL = objShell.RegRead(strSDDLKey)
        lngError = Err.Number
        on error goto 0
        if lngError <> 0 then
            ' Value not found (NOSUCHKEY) - so we can't do anything for this log
        else
            wscript.echo "Existing SDDL - " & strSDDL
            ' check if the value needs to be updated
            strReadAccessSDDL = "(A;;0x01;;;" & strSID & ")"
            if instr(strSDDL, strReadAccessSDDL) = 0 then
                strSDDL = strSDDL & strReadAccessSDDL
                objShell.RegWrite strSDDLKey, strSDDL, "REG_SZ"
                wscript.echo "New SDDL - " & strSDDL
            end if
        end if
    next
end sub

function GetSite
    ' AD site of this machine, from the ADSystemInfo COM object
    dim objInfo
    set objInfo = CreateObject("ADSystemInfo")
    GetSite = objInfo.SiteName
end function

function GetSidForGroup(strName)
    ' Look up the SID of a group by name via WMI; returns "" if not found
    dim objWMIService
    dim objItems
    dim objItem
    dim strSID
    strSID = ""
    Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    Set objItems = objWMIService.ExecQuery _
        ("Select * from Win32_Group Where Name='" & strName & "'")
    For Each objItem in objItems
        strSID = objItem.SID
    Next
    GetSidForGroup = strSID
end function
</script>
</job>
Use it at your own risk - but have fun!
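The script above decides whether to touch CustomSD with a plain substring check and then appends the new ACE to the end of the string. That is fine for the default values, but it misses two cases an SDDL-aware check would catch: a SID that already has read through a wider mask (0x7 or 0x3 both include the read bit 0x1), and a value with an S: (SACL) section after the DACL, where a blindly appended ACE lands in the wrong section. The following is an added example, not part of the post: it splits the SDDL into sections, evaluates read access for a SID (deny ACEs win), and inserts the read ACE into the D: section only when needed. The default SDDL is a constructed sample modelled on a Windows Server 2003 Application log, and the group SID is a placeholder.

```python
import re

# Event log access bits as used in a CustomSD rights mask.
ELF_LOGFILE_READ = 0x1
ELF_LOGFILE_WRITE = 0x2
ELF_LOGFILE_CLEAR = 0x4

# Constructed sample modelled on a Windows Server 2003 Application log default:
# anonymous and guests denied, SYSTEM full access, admins and server operators
# read+write+clear, interactive/service/batch users read+write.
DEFAULT_SDDL = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)"
                "(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)")

ACE_RE = re.compile(r"\(([^()]*)\)")        # one parenthesised ACE


def parse_sddl(sddl):
    """Split an SDDL string into its O:, G:, D: and S: sections.
    A colon only ever follows a section letter, so splitting on it is safe."""
    sections = {}
    markers = list(re.finditer(r"([OGDS]):", sddl))
    for i, m in enumerate(markers):
        end = markers[i + 1].start() if i + 1 < len(markers) else len(sddl)
        sections[m.group(1)] = sddl[m.end():end]
    return sections


def build_sddl(sections):
    return "".join(f"{k}:{sections[k]}" for k in "OGDS" if k in sections)


def parse_rights(text):
    """CustomSD values use hex masks; generic right letters (GR, FR, ...) are
    not expected there and are reported as None (treated as 'unknown')."""
    return int(text, 16) if text.lower().startswith("0x") else None


def read_access(sddl, sid):
    """'deny' if any deny ACE for sid carries the read bit, else 'allow' if an
    allow ACE does, else 'none'. Deny wins, as in a canonically ordered DACL."""
    result = "none"
    for ace in ACE_RE.findall(parse_sddl(sddl).get("D", "")):
        f = ace.split(";")                    # type;flags;rights;objguid;inhguid;sid
        if len(f) < 6 or f[5] != sid:
            continue
        rights = parse_rights(f[2])
        if rights is None or not rights & ELF_LOGFILE_READ:
            continue
        if f[0] == "D":
            return "deny"
        if f[0] == "A":
            result = "allow"
    return result


def add_read_ace(sddl, sid):
    """Return sddl with a read ACE for sid appended to the DACL section (before
    any SACL), unchanged when the SID already has read through an allow ACE."""
    if not sid:
        raise ValueError("refusing to write an ACE with an empty SID")
    if read_access(sddl, sid) == "allow":
        return sddl
    sections = parse_sddl(sddl)
    sections["D"] = sections.get("D", "") + f"(A;;0x01;;;{sid})"
    return build_sddl(sections)


if __name__ == "__main__":
    group_sid = "S-1-5-21-0-0-0-1105"        # placeholder, not a real group SID
    updated = add_read_ace(DEFAULT_SDDL, group_sid)
    print(updated)
    print(read_access(updated, group_sid), read_access(DEFAULT_SDDL, "AN"))
```

A SID that is explicitly denied keeps coming back as "deny" even after an allow ACE is added, which is exactly the case where appending and hoping gives a misleading result; read_access makes that visible before anything is written back to the registry.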
Wednesday, September 14, 2005
Microsoft re-issues SP4 Rollup 1
As reported earlier, Microsoft has now re-released Windows 2000 SP4 Rollup 1 due to customers' problems with the Rollup. Some of these can be found in the comments on my first posting - but according to the KB it doesn't seem to address the SNMP problems reported by our readers (Source can be found here)